Junior doctor Matt Farrier sometimes asks advice on medical matters from his consultant paediatrician father Martin. Like ‘every doctor in the country’ they use WhatsApp – and don’t want to stop

Concern about the security of sharing patient-specific data by WhatsApp is not new. It’s been hanging around since middle-aged doctors discovered that WhatsApp existed. That was some time after younger doctors started using it.

The middle-aged doctors raised concerns about the security of WhatsApp, but not long after that they found the app was so useful they forgot about their concerns and joined the WhatsApp groups the younger doctors had set up. Quite some time after that, the middle-aged doctors found they could set up their own WhatsApp groups.

As time went on, few of the doctors on WhatsApp took security concerns about the platform too seriously. Some significant time after the WhatsApp groups were established, the BMA expressed its concerns. These concerns were valid but also related to the embarrassment caused to the union when WhatsApp messages discussing the junior doctors’ strike were leaked.

Over the past few years, the reputation of WhatsApp in healthcare has been on a rollercoaster. Hailed as a lifesaver in the early stage of the pandemic – allowing doctors to share vital information about the new virus – restrictions on its use were relaxed by NHS England. But there have also been warnings that it is not safe in terms of data security and ineffective in managing clinical workflow – a “ticking time bomb” in the hands of clinicians. We have lived with the confusion around WhatsApp’s place in healthcare for well over a decade. Concerns about the risk it presents to patient confidentiality have never gone away.

GMC guidance on social media use warns doctors to bear in mind that communications on instant messaging services or private groups “may become public”.

Safe from prying eyes

At a government level, legislative changes are underway that could effectively ban WhatsApp. The concern is once again about security, but this time it’s because the messages are too secure.

WhatsApp’s really good end-to-end encryption means that governments can’t hack into our messages. They were happy enough for such apps to exist when people considered them to be safe but weren’t. All the time the government was able to freely access messages. Now that they are safe from prying eyes, they don’t want us to use them.

The need to prioritise online safety for children and detect terrorists and criminals on social media and messaging apps is the driver of legislative changes. An amendment to the Investigatory Powers Act will stop tech companies introducing new security to software without the government’s approval. It will mean messaging platforms can be blocked if they don’t allow the government or its security services to have access.

In healthcare, there is now the need to develop a ‘Goldilocks’ messaging app: secure enough to win patients’ confidence, but not so secure that the government can’t see what we are doing.

Of course, messaging systems will continue to exist. Even if the law does spell the end for WhatsApp – and the company has threatened to withdraw from the UK rather than weaken its encryption – people will find ways around the change and will carry on exchanging private messages. There is SMS text messaging. You can include other people in SMS texts and you can send images (including ECGs). There is also Teams. We both have it on our phones and some NHS employers provide it to clinical staff. The activity will still exist.

Perhaps the real problem is the desire to ban things. WhatsApp has turned out to be an essential communication tool that crosses boundaries of organisations and identification. If you are a doctor, it makes it easy to get advice from colleagues in a different specialty. And this can improve the care we give and mean better outcomes for patients.

What we should have done, years ago, was embrace the benefits of this technology and adapt it to healthcare to limit any potential risks. There have been apps approved by the NHS such as Pando. These are safe, but without the widescale adoption by doctors they don’t cross boundaries and they act more like an email with notifications.

Tolerance of risk

Healthcare has been late to adopt this technology and has been risk averse. But tech development has always required a tolerance of risk. WhatsApp is part of that story.

We haven’t invested in the development of WhatsApp with its parent company or in the development of a safe NHS-specific WhatsApp that’s easily available and free. Rather we have concentrated on restricting or banning its use and writing guidance about what people are allowed to share on the platform.

The problems we are facing now have been brought on by our own inaction and lack of investment. WhatsApp is both too safe and not safe enough. And it is used by every doctor in the country.

Martin Farrier is a consultant paediatrician and CCIO. Matt Farrier is an FY2 (foundation year two) junior doctor.